VYPR
Unrated severity · NVD Advisory · Published Nov 26, 2024 · Updated Nov 26, 2024

CVE-2024-49595

Description

Dell Wyse Management Suite, version WMS 4.4 and before, contains an Authentication Bypass by Capture-replay vulnerability. A high-privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Wyse Management Suite WMS 4.4 and earlier contains a capture-replay authentication bypass that lets privileged remote attackers cause denial of service.

Vulnerability

Dell Wyse Management Suite (WMS) versions 4.4 and earlier contain an Authentication Bypass by Capture-replay vulnerability. The flaw resides in the suite's authentication mechanism, where an attacker can replay captured authentication tokens or session data to bypass proper credential verification. No specific configuration changes are needed to reach the vulnerable code path; it is present by default in the affected versions.

Exploitation

An attacker with high privileges and remote network access can exploit this vulnerability. The attacker first captures legitimate authentication traffic (e.g., a session token or authentication handshake) from a valid privileged session. By replaying the captured data, the attacker can impersonate the legitimate user and bypass the standard authentication checks. User interaction is not required for the successful replay attack, as the attack is performed against the management suite's network service.

Impact

Successful exploitation leads to unauthorized access to the management suite’s administrative functions. The primary impact is denial of service (disruption of management capabilities), as the attacker can issue commands that disrupt normal operations. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L) rates availability impact as low (A:L) and confidentiality impact as high (C:H) with changed scope (S:C), so sensitive configuration data could potentially be exposed across different security boundaries; integrity impact is none (I:N). The privilege level obtained corresponds to that of the original captured session, which is a high-privilege role.

Mitigation

Dell has released a security advisory (DSA-2024-440) addressing this vulnerability. Users should update Dell Wyse Management Suite to a version later than 4.4 as soon as a patched version is made available. No workarounds are documented in the available references [1]. Organizations should review Dell's support document and apply the vendor-supplied update to mitigate the risk.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
